Lobbies on dataprotection

This page lists an overview of the different lobbies' s documents calling for an extensive definition of personal data, upon the adoption process of the European Commission's Proposal for a General Data Protection Regulation. But there are many others, such this document of 2500 pages.

The indicated month is when the position has been sent to Members of the European Parliament.

CEA PMEdefend the interests of about one million small and medium enterprises from all sectors towards the European institutions.

FSB (Federation of Small Businesses) is the UK's largest campaigning pressure group promoting and protecting the interests of the self-employed and owners of small firms (200,000 members).

ACT ([Association for Competitive Technology) is an international grassroots advocacy and education organization representing more than 5,000 small and mid-size app developers and information technology firms.

In this document, these associations defend SMEs' interest by asking to dismiss the explicit consent requirement, to broaden the cases where a processing is lawfull, especially when data are collected from documents accessible by everyone or when necessary to ensure the legitimate interests of third parties, and to reduce 'administrative burdens' such as data protection impact assessments and data protection officer.

CED: The Council of European Dentists (CED) is the representative organisation of the dental profession in the European Union, representing over 340,000 practicing dentists from 32 national dental associations and dental chambers in 30 European countries.

HOPE: the European Hospital and Healthcare Federation, is an international non-profit organisation

FEAM: The Federation of European Academies of Medicine (FEAM) represents national academies in 14 EU member states

COCIR: COCIR represents the Radiological, Electromedical and Healthcare IT industry in Europe.

EFPIA: The European Federation of Pharmaceutical Industries and Associations (EFPIA) represents the pharmaceutical industry operating in Europe.

Continua Health Alliance: Continua Health Alliance is a non-profit, open industry organization of healthcare and technology companies joining together in collaboration to improve the quality of personal healthcare

GSMA: The GSMA represents the interests of mobile operators worldwide.

CPME: The Standing Committee of European Doctors (CPME) represents national medical associations across Europe.

In this paper, the coalition asks to maintain special provisions for data processing for healthcare, research and patient safety, to clarify definitions for data concerning health and for consent given by a patient and to consider the potential unwanted consequences of the Right to be Forgotten in the healthcare context (erasing information on medical history, allergies, blood type...)

The Future of Privacy Forum is a Washington DC based think tank and advocacy group focusing on the topic of privacy. It is supported entirely by companies, including , Facebook, Google and Microsoft.
The organization is run by Jules Polonetsky, the former chief privacy officer for AOL and Google Doubleclick and a member of the advisory board of the Center for Copyright Information, the industry-run organization in charge of the "6 strikes" graduated response system for copyright infringement in the US.

It published three papers in reaction to the proposed Regulation. The first one argues against the requirement of an explicit consent, pretending that such a consent would "burden individuals with difficult, complicated choices, which become a detriment to user interfaces and cause notice fatigue" and that "in many cases, consent that is implied from the context of a transaction or relationship is more meaningful than explicit consent.". The second one defends the dubious concept of "pseudonymous data" ; despite it recognizes the technical flaws of de-identification, it pretends privacy enhancing techniques have evolved enough to face these issues. The third paper focuses on the Regulation's territorial scope, criticizing the new "monitoring the behavior of EU data subjects" test (which replaces the previous "use of equipment within the EU" test").

The International Chamber of Commerce, based in Paris, has hundreds of thousands of member companies in over 130 countries. It published a paper in which it calls for lower administrative burdens, clarification on the definition of 'main establishment' and provisions in favor of international data flows.

International confederation for printing and allied industries, January 2013[edit]

INTERGRAF urges to reject amendments 81 and 135, as it fears a law targeted at the digital world would impact the direct mail business, which also relies on collecting data and sending out mailings (albeit physical). Their claim is that no one is questioning the handling of personal data by postal direct mail operators.

European Small Business Alliance and Association for Competitive Technology, January 2013[edit]

Eurofinas is the representing lobby for consumer credit providers in Europe. In this document, it's suggesting amendments to the ITRE draft opinion. Those amendments aim at reviewing the definition of personal data and date subjects in an extensive way, allowing the companies to process, use and disseminate personal data freely, without any obligation to inform its consumers.

Insurance Europe is the representing lobby for Insurance Federations in Europe. In its comments and
definitions on the ITRE draft proposal, it's pushing for a limitation of consumer's right to access their data, in the name of business and competition.

Leaseurope is the representing lobby for car rental companies. On the pretext of heavy administrative changes for its members and in the name of business, it's supporting the less protective amendments for citizens, denying them the right to control their data.

European Association of Search and Database Publishing, November 2012[edit]

EASDP is the representing lobby for directory publishers in Europe. In this paper, it asks to exclude the physical persons acting in their business capacity from the scope of the regulation and to make the publishers of personal data not responsible for the re-publishing of these data by third parties.

Digital Europe is the representing lobby for European digital technology industry. Among its members stand Apple, Microsoft, Nokia... (see last page of their document). Among the 64 amendments proposed by the organisation, modifications are made to water down obligations concerning data breaches notifications to the data subject.

The European Banking Federation is the representing lobby for European banks. As most of the other lobbies, its proposed amendments aim at softening obligations concerning data breaches 24h notification, limitation of profiling and procedure of consent. All of these amendments go against citizens fundamental freedoms.

European Magazine Media Association and European Newspapers Publisher’s Association, November 2012[edit]

The Bundesrechtsanwaltskammer welcomes the new legislation but wants to make sure that it doesn't interfere in their work. Lawyers collect clients' data as a part of their everyday work. The secrecy obligation must be given precedence over any data protection regulations. The state must not have access or regulate the lawyer-client communication. The German Federal Bar proposes a few amendment changes which explicitly add lawyer-client scenarios to the exceptions where consent does not have to be confirmed, since the subject is very well aware of the data collection in such situations. It advocates that sectoral supervisory bodies should be allowed alongside or instead of territorial data protection control bodies. Lastly the Bunderechtsanwaltskammer want to add a sentence to Article 51: „The supervisory authority shall not be competent to supervise processing operations of courts acting in their judicial capacity” should according to the document be supplemented by „The same shall apply to the activities of lawyers”.

Digital Europe is the lobbying association of European technology producers. In their position paper (Note: see also their proposed amendments further above.) they claim to welcome strong water protection but advocate less paperwork and hence less regulation. Some of their main points include that privacy by design creates unnecessary bureaucratic costs, that the 24 hour data breach notification is similarly too costly to achieve and that administrative sanction create uncertainty and thus harm the industry. Further Digital Europe thinks that the proposed definition of personal data is too broad and that explicit consent is in many cases non-essential and even a big obstacle. The Commission and the DPA should not be granted any extra powers.

Introduction: “The new legislative framework should focus on encouraging best practice by companies like Facebook rather than on setting out detailed technical rules that will not stand the test of time and may be frustrating and costly for both service providers and users.” (page 1)

Facebook is opposing European cooperation of DPCs when it comes to enforcement of the law. They rather have only the Irish DPC to govern them. (page 3)

Data processors should be able to make limited decisions and not be seen as controller. (page 4)

Facebook opposes “privacy by default” settings. (page 4)

Facebook welcomes that users from the age of 13 can consent to data processing and wants to get rid of the definition of a ‘child’ being younger than 18. (page 5)

Facebook opposes the sections of the “right to be forgotten” that say that a provider has to inform other providers to delete information. Facebook also opposes that users can insist that information that others posted about them should be removed. (page 6)

“The highly prescriptive nature of the requirements for consent contained in Articles 4(8), 5(2) and recital 125 could potentially require more intrusive mechanisms to ask for consent for specific alternatives. This carries the risk of inundating users with thick boxes and warnings”.

“...even the most minor breaches must be reported to the DPA. Facebook is concerned that this will not allow for effective prioritization of the most serious breaches.”

Facebook is pushing for easier data transfer out of the EU/EEA (page 9)

Facebook is strictly opposing heavy fines when data protection laws are breached and favors cooperative approach by the authorities.

“Facebook is concerned that the magnitude of potential fines will create I disincentive for innovation and associated job creation among internet service companies. This could be a major blow for the European Union given that the Internet sector is widely recognized as the major driver of job creation and growth in an otherwise moribund economic environment.” (page 10)
Facebook even argues that heavy fines will lead to less data protection and more cost for the state.

Facebook is opposing that the European Commission has granted itself too many possibilities for delegated acts.